Sophos, a leading anti-virus firm, is offering a service that would alert organizations if one of their PCs has been turned into a zombie. Named ZombieAlert, the service hopes to capitalize on Sophos' estimate that more than 50% of spam comes from zombie machines; that adds up to a lot of wasted bandwidth and performance for companies.

Companies signing up for ZombiaAlert would be notified with a detailed e-mail if a Sophos trap detected spam from coming from one of its networks. Additionally, ZombieAlert monitors Domain Name Server Blackhole Lists to make sure the companies' IP addresses aren't being blacklisted.

The ZombieAlert Service is a part Sophos' premium and platinum support packages, or it can be purchased separately: US$2,500 will cover 1,000 seats.

CHRISTOPHER'S OPINION
On the surface this is not a bad deal. For a few cents per computer you can be notified if your company is sending large amounts of unintentional spam out onto the Internet. It would save bandwidth and, in general, help make the world a better place.

But what do you do with the information? Thanks to the world of port address translation, even in a small network of 100 PCs the e-mails would be coming from one IP address, so, unless I am missing something, all you would know is that a PC on your network is infected. You still have to find that one PC.

There are other tools and sniffers that could help you narrow it down, but that is still a fair amount of work. You need a package internally that lets you know as the message is trying to be sent, then you get the internal address.

Still, ZombieAlert is not a bad idea, and is one that would make the Internet that much more bearable.

USER COMMENTS 8 comment(s)

A few cents(9:28am EST Tue Jul 19 2005)Christopher, I guess you must be loaded if you think $2.50 is a few cents. We have about 24,000 computers which works out to be $60,000 which might be cheap if it was a one time payment (which I doubt). Personally I don't see the value. - by FMBeachBum

Home Version(9:47am EST Tue Jul 19 2005)All ISPs should require every PC logging onto the internet scan with this software first. If zombie-ware is found, access denied! - by Crash

watchout(9:48am EST Tue Jul 19 2005)A security flaw that could let an attacker remotely crash computers running Windows exists in several versions of the operating system, not just Windows XP.

Windows 2000, Windows XP and Windows Server 2003 are vulnerable to a denial-of-service attack that exploits a problem in the Remote Desktop Protocol, Microsoft said in an advisory on Saturday. Until a patch is available, Microsoft suggests users block TCP port 3389 (the port used by RDP) on their firewall, disable Terminal Services or Remote Desktop if not required, or secure remote desktop connections using either Internet Protocol Security or a virtual private network connection.

- by helpfull

Can anyone say…(10:00am EST Tue Jul 19 2005)ripoff! I know, I know – alot of businesses love packaged care but, this one is not a great solution. - by Little Walter

It's also a good idea for everyone to send their firewall logs to them so their data is up to date. - by public service

Hmmm(9:14pm EST Tue Jul 19 2005)This would be great if it existed on the DNS server, and scanned all PCs on specific Vlans.

- by Headley

Spamblockers(6:30am EST Fri Jul 22 2005)How confusing to claim to block pop ups and cookies and not have virus scans and cleaners installed in your hard drives and perform regular maintenance of the units, then complain about the cost of some new degausser when you droppppppppped your walkman that very last time and can't fork out the $60.00 for another one, but you can maintain that spyware or an expensive IP is the answer. If the service is provided and you're too lazy or cheap to hire or employ a computer technologist by having one onsight why complain about paying his salary, his or her salary to another service provider, when you don't understand the laws of cost and demand in the first place. - by see me later